camel-issues mailing list archives

From "Claus Ibsen (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (CAMEL-9205) REST endpoint with CORS sends invalid header value for Access-Control-Allow-Origin
Date Sat, 10 Oct 2015 08:06:05 GMT

     [ https://issues.apache.org/jira/browse/CAMEL-9205?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Claus Ibsen resolved CAMEL-9205.
--------------------------------
    Resolution: Fixed

Using setHeader in all the places now.

> REST endpoint with CORS sends invalid header value for Access-Control-Allow-Origin
> ----------------------------------------------------------------------------------
>
>                 Key: CAMEL-9205
>                 URL: https://issues.apache.org/jira/browse/CAMEL-9205
>             Project: Camel
>          Issue Type: Bug
>          Components: rest
>    Affects Versions: 2.15.0
>            Reporter: Martin Scheffler
>            Assignee: Claus Ibsen
>            Priority: Minor
>             Fix For: 2.15.4, 2.17.0, 2.16.1
>
>
> I tried enabling CORS for our camel REST endpoint and it does not really work.
> The Access-Control-Allow-Origin header is sent, as it should be. Unfortunately the value of the header is "*, *" which is not accepted as correct by newer browser versions.
> Firefox 41.0.1 and Chrome 45.0 both reject this header value and do not allow cross domain access. It seems newer browsers only accept a single domain name or "*" and not a list of domains.
> See http://www.w3.org/TR/cors/#access-control-allow-origin-response-header
> So please change the default behavior to send only "*".
> I tried setting the header value manually:
> <restConfiguration component="servlet" bindingMode="json" contextPath="MyService/rest" port="8080" enableCORS="true">
>       <corsHeaders key="Access-Control-Allow-Origin" value="localhost"/>
> </restConfiguration>
> But this results in a header value of "*, localhost" which is also not accepted.
> A workaround is to set <corsHeaders key="Access-Control-Allow-Origin" value=""/> which results in a value of "*" for some reason.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
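
Added example, not part of the original message and not Camel's code: a small model of append-versus-replace header writes that reproduces the "*, *" and "*, localhost" values from the report, with a check that accepts only "*", "null" or one serialized origin. HeaderStore, emit and checkAllowOrigin are hypothetical names, the append-as-cause reading is an assumption drawn from the resolution comment, and "http://localhost:8080" is a constructed value.

```javascript
// Model only: a response header store with append (add) and replace (set) writes.
class HeaderStore {
  constructor() { this.map = new Map(); }
  // add keeps earlier values; repeated fields reach the client joined by ", "
  add(name, value) {
    const k = name.toLowerCase();
    this.map.set(k, [...(this.map.get(k) || []), value]);
  }
  // set discards earlier values, so exactly one value is sent
  set(name, value) { this.map.set(name.toLowerCase(), [value]); }
  get(name) {
    const v = this.map.get(name.toLowerCase());
    return v ? v.join(", ") : null;
  }
}

// scheme://host[:port], with bracketed IPv6 literals allowed as host
const ORIGIN = /^[a-z][a-z0-9+.-]*:\/\/(\[[0-9a-f:.]+\]|[^\/\s:\[\]]+)(:\d{1,5})?$/i;

// Accept only "*", "null" or a single serialized origin; reject any list.
function checkAllowOrigin(value) {
  if (value === null) return { ok: false, reason: "header missing" };
  if (value.includes(",")) return { ok: false, reason: "list of values" };
  const v = value.trim();
  if (v === "*" || v === "null") return { ok: true, reason: "wildcard or null" };
  if (ORIGIN.test(v)) return { ok: true, reason: "single origin" };
  return { ok: false, reason: "not a serialized origin" };
}

// Constructed scenario: a default "*" is written first, then the configured value.
function emit(method, configured) {
  const h = new HeaderStore();
  h[method]("Access-Control-Allow-Origin", "*");
  if (configured !== undefined) h[method]("Access-Control-Allow-Origin", configured);
  return h.get("Access-Control-Allow-Origin");
}

const cases = [
  ["add", "*"],                      // value from the report: "*, *"
  ["add", "localhost"],              // value from the report: "*, localhost"
  ["set", "*"],
  ["set", "http://localhost:8080"],  // constructed
];
for (const [method, configured] of cases) {
  const value = emit(method, configured);
  console.log(method, JSON.stringify(value), checkAllowOrigin(value));
}
```

The same check can be run against captured response headers in an integration test to catch a duplicated Access-Control-Allow-Origin before a browser does.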
